.. role:: python(code)
:language: python
璇勬祴绠楁硶璇︾粏浠嬬粛
========================================
骞冲彴宸查泦鎴愮殑鏂囨湰鎯呮劅鍒嗘瀽妯″瀷璇勬祴锛堜互涓嬬畝绉版枃鏈瘎娴嬶級绠楁硶鍙婄畝瑕佽鏄庡涓嬫墍绀�(浣跨敤绠楁硶缂╁啓瀛楀吀搴忔帓搴�)銆傝瘎娴嬩緷鎹富瑕佹槸妯″瀷鎶垫姉鏂囨湰鏀诲嚮鐨勮兘鍔涖€�
TextFooler绠楁硶 [#text_fooler]_
--------------------------------
绠楁硶浠嬬粛
~~~~~~~~
:code:`TextFooler` 绠楁硶鏄竴涓粦鐩掔殑鍗曡瘝绮掑害绾у埆鐨勬枃鏈嚜鐒惰瑷€澶勭悊鏀诲嚮绠楁硶锛屼富瑕侀拡瀵圭殑鏄枃鏈垎绫讳互鍙婃枃鏈暣鍚帹鐞嗕袱绫讳换鍔$殑妯″瀷銆傛墽琛岀畻娉� :code:`TextFooler` 闇€瑕侀鍏堟湁涓€涓ぇ鐨勮瘝姹囪〃 :code:`Vocab`锛屽崟璇嶅祵鍏ワ紙鍚戦噺鍖栵級妯″瀷 :math:`\operatorname{WordEmb}` 浠ュ強鍙ュ瓙宓屽叆锛堝悜閲忓寲锛夋ā鍨� :math:`\operatorname{SenEmb}` 銆� :code:`TextFooler` 涓昏鐨勬€濇兂鍙互鎬荤粨濡備笅锛�
鏍规嵁妯″瀷 :math:`F` 鍙互缁欏嚭鍗曡瘝 :math:`w` 鍦ㄥ彞瀛� :math:`X` 涓殑閲嶈搴︼紙Importance锛夛紝瀹氫箟濡備笅
.. math::
I_{w} := \begin{cases}
F_Y(X) - F_Y(X_{\setminus{w}}), & \text{ 鑻� } F(X) = F(X_{\setminus{w}}) = Y \\
(F_Y(X) - F_Y(X_{\setminus{w}}))+(F_{\widetilde{Y}}(X_{\setminus{w}}) - F_{\widetilde{Y}}(X)), & \text{ 鑻� } F(X) = Y, F(X_{\setminus{w}}) = \widetilde{Y}, Y \neq \widetilde{Y}
\end{cases}
涓婂紡涓殑 :math:`X_{\setminus{w}}` 涓哄彞瀛� :math:`X` 鍘绘帀鍗曡瘝 :math:`w` 涔嬪悗鎵€寰楃殑鍙ュ瓙锛� :math:`F(X)` 涓烘ā鍨� :math:`F` 瀵逛簬鍙ュ瓙 :math:`X` 鐨勫垎绫荤粨鏋滐紙鎴栬€呮枃鏈暣鍚帹鐞嗙粨鏋滐級锛� :math:`F_Y(X)` 涓烘ā鍨� :math:`F` 瀵逛簬鍙ュ瓙 :math:`X` 棰勬祴缁撴灉涓� :math:`Y` 鐨勬鐜囥€�
灏嗗垵濮嬬殑瀵规姉鏍锋湰缃负 :math:`X_{adv} = X` 銆傚皢 :math:`X` 涓崟璇嶄緷鐓ч噸瑕佸害鐢遍珮鍒颁綆杩涜鎺掑簭锛屼緷娆℃墽琛屽涓嬬殑璐┆鎼滅储锛坓reedy search锛夛細浠庤瘝姹囪〃`Vocab`涓寫鍑轰笌鍗曡瘝 :math:`w` 鍚戦噺鍖栦箣鍚庝綑寮︾浉浼煎害鏈€楂樼殑 :math:`N` 涓崟璇嶏紝骞跺幓鎺夌粡杩囨浛鎹㈠悗鍦ㄥ彞瀛愪腑涓庡師鍗曡瘝 :math:`w` 璇嶆€т笉涓€鑷寸殑鍗曡瘝锛岀粍鎴愬閫夐泦鍚� :math:`\mathcal{C}_w` 銆�
瀵逛簬闆嗗悎 :math:`\mathcal{C}_w` 涓殑鍗曡瘝 :math:`c` 锛屽湪鍙ュ瓙 :math:`X_{adv}` 涓皢鍗曡瘝 :math:`w` 鏇挎崲涓� :math:`c` 锛屽緱鍒版柊鐨勫彞瀛� :math:`X'_c` 銆傚鏋� :math:`\operatorname{SenEmb}(X_{adv})` 涓� :math:`\operatorname{SenEmb}(X')` 鐨勪綑寮﹁窛绂诲ぇ浜庨璁剧殑闃堝€硷紝鍒欏皢 :math:`c` 淇濈暀鍦ㄩ泦鍚� :math:`\mathcal{C}_w` 涓紝鍚﹀垯鍓旈櫎銆傚亣璁� :math:`\mathcal{C}_w` 鏈€缁堥潪绌洪泦锛岃杩欎釜闆嗗悎涓�
.. math::
\mathcal{C}_w = \{ c_k \ |\ 0 \leqslant k \leqslant N_w \}
:math:`N_w` 涓烘煇涓ぇ浜庣瓑浜�1鐨勬暣鏁般€備笌姝ゅ悓鏃讹紝鎴戜滑浼氬緱鍒颁袱涓簭鍒�
.. math::
\begin{align*}
Y_k & := F(X'_{c_k}) \\
P_k & := F_{Y_k}(X'_{c_k})
\end{align*}
姝ゆ椂锛岃嫢瀛樺湪鏌愪釜 :math:`k` 锛屼娇寰� :math:`Y_k \neq Y = F(X)` 锛岄偅涔堜护
.. math::
\DeclareMathOperator*{\argmax}{arg\,max}
c^* := \argmax_{c_k} \{ \operatorname{CosSim}(\operatorname{SenEmb}(X), \operatorname{SenEmb}(X'_{c_k})) \ |\ Y_k \neq Y \}
鍦ㄦ鏃剁殑 :math:`X_{adv}` 涓皢鍗曡瘝 :math:`w` 鏇挎崲涓� :math:`c^*` 锛屽緱鍒版柊鐨� :math:`X_{adv}` 锛屽嵆涓烘弧瓒宠姹傜殑瀵规姉鏍锋湰銆傛鏃跺彲浠ヨ烦鍑哄惊鐜紝杩斿洖 :math:`X_{adv}` 銆傚弽杩囨潵锛岃嫢搴忓垪 :math:`Y_k` 涓殑姣忎釜鍏冪礌閮界瓑浜庡師棰勬祴鍊� :math:`Y` 锛屽垯妫€鏌ュ涓嬫潯浠舵槸鍚︽弧瓒�
.. math::
\min_{0 \leqslant k \leqslant N_w} P_k < F_{Y}(X_{adv})
鑻ユ弧瓒筹紝鍒欎护
.. math::
\DeclareMathOperator*{\argmin}{arg\,min}
c^* := \argmax_{c_k} \{ P_k \}
骞跺皢 :math:`X_{adv}` 涓殑鍗曡瘝 :math:`w` 鏇挎崲涓� :math:`c^*` 锛岃繘鍏ヤ笅涓€涓崟璇嶇殑寰幆锛岀洿鍒版弧瓒虫潯浠讹紙鍗� :math:`F(X_{adv}) \neq Y` 锛夌殑瀵规姉鏍锋湰 :math:`X_{adv}` 浜х敓锛屾垨鎵€鏈夊崟璇嶉兘瀹屾垚浜嗘悳绱€€傚綋閬嶅巻鎵€鏈夊崟璇嶉兘鏃犳硶鐢熸垚婊¤冻鏉′欢鐨勫鎶楁牱鏈� :math:`X_{adv}` 锛屽垯鐢熸垚瀵规姉鏍锋湰澶辫触锛岃繑鍥炵┖鍊� :python:`None` 銆�
鍙傛暟璇存槑
~~~~~~~~
1. :code:`max_candidates`: 鍗曟鎼滅储浜х敓鐨勫緟閫夊鎶楁牱鏈暟鐩笂闄�
2. :code:`min_cos_sim`: 鏈夋晥瀵规姉鏍锋湰涓庡師鏍锋湰杩涜鐨勮瘝鏇挎崲鐨勮瘝宓屽叆鍚戦噺鐨勬渶灏忎綑寮﹁窛绂�
3. :code:`use_threshold`: 鏈夋晥瀵规姉鏍锋湰涓庡師鏍锋湰鐨勫彞宓屽叆锛堜娇鐢� :code:`Universal Sentence Encoder`锛夊悜閲忕殑鏈€灏忎綑寮﹁窛绂�
HotFlip绠楁硶 [#hotflip]_
--------------------------
绠楁硶浠嬬粛
~~~~~~~~
:code:`HotFlip` 绠楁硶鏄竴绉嶇櫧鐩掓敾鍑荤畻娉曪紝鍙互杩涜瀛楃绾у埆鐨勬敾鍑伙紝涔熷彲浠ヨ繘琛岃瘝绾у埆鐨勬敾鍑汇€� :code:`HotFlip` 绠楁硶瀵瑰彞瀛� :math:`X` 杩涜鐨勬搷浣滀富瑕佹槸璇嶏紙鎴栬€呭瓧绗︼級鐨勬浛鎹紙鍘熸枃涓О浣滅炕杞紝flip锛夛紝鎻掑叆涓庡垹闄や篃鍙浣滅壒娈婄殑鏇挎崲鎿嶄綔銆傚浜庢浛鎹㈣瘝锛堝瓧绗︼級鐨勯€夊彇锛屼富瑕侀€氳繃鏋佸ぇ鍖栬绠楁崯澶卞嚱鏁扮殑鏂瑰悜瀵兼暟寰楀埌锛�
.. math::
\operatorname{argmax}\limits_s \nabla_X L(X,y)^T \cdot v_{is} = \operatorname{argmax}\limits_s \nabla_X L(X,y)^T - \nabla_X L(X,y)^T[i']
鍏朵腑 :math:`L` 涓烘崯澶卞嚱鏁帮紝鍚戦噺 :math:`v_{is}` 涓烘浛鎹㈢ :math:`i` 涓瘝锛堝瓧绗︼級涓鸿瘝姹囪〃锛堝瓧绗﹁〃锛変腑绗� :math:`s` 涓瘝锛堝瓧绗︼級瀵瑰簲鐨勫悜閲忥紝鍏蜂綋鏉ヨ绛変簬绗� :math:`i'` 浣嶅€间负-1锛岀 :math:`s'` 浣嶅€间负1锛屽叾浣欎綅缃€间负0鐨勫悜閲忥紝 :math:`i'` 涓鸿鏇挎崲鐨勫彞瀛愪腑鐨勭 :math:`i` 涓瘝锛堝瓧绗︼級鍦ㄨ瘝姹囪〃锛堝瓧绗﹁〃锛変腑鐨勪笅鏍囥€� :math:`\operatorname{argmax}\limits_s'` 鍙互鏇挎崲涓烘帓鍚嶅墠n涓搴旂殑涓嬫爣銆備竴鑸潵璇达紝瀵逛簬鐧界洅瀵规姉鏀诲嚮锛屾垜浠笇鏈涙部鐫€姊害鏂瑰悜 :math:`\nabla_X L(X,y)^T` 鏋佸ぇ鍖栨崯澶卞嚱鏁帮紝浣嗙敱浜庢枃鏈殑鐗规畩鎬э紝鎴戜滑鍙兘鍙栦竴浜涘甫闄愬埗锛堜緥濡傚彧鏈変竴涓瘝琚浛鎹級鐨勭壒娈婄殑绂绘暎鐨勬柟鍚戯紝鏋佸ぇ鍖栬繖浜涙柟鍚戜笌姊害鐨勫唴绉紙鍗虫柟鍚戝鏁帮級銆�
:code:`HotFlip` 绠楁硶鎼滅储瀵规姉鏍锋湰鐨勬柟娉曚负鏉熸悳绱紙beam search锛夛紝涓�:code:`TextFooler` 绠楁硶涓娇鐢ㄧ殑璐┆鎼滅储锛坓reedy search锛夌殑鏀硅壇銆傛潫鎼滅储姣忔寰幆浼氫繚鐣欎娇妯″瀷姝g‘棰勬祴姒傜巼鏈€浣庣殑鑻ュ共涓紙璐┆鎼滅储鏄�1涓級澶囬€夊鎶楁牱鏈紝杩涜涓嬩竴涓瘝锛堝瓧绗︼級鐨勭炕杞悳绱€€�
鍙傛暟璇存槑
~~~~~~~~
1. :code:`top_n`: 鍗曟鎼滅储浜х敓鐨勫閫夋浛鎹㈣瘝锛堝瓧绗︼級鏁扮洰
2. :code:`max_num_words`: 鏈夋晥瀵规姉鏍锋湰琚浛鎹㈢殑璇嶏紙瀛楃锛夌殑鏁扮洰涓婇檺
3. :code:`min_cos_sim`: 鏈夋晥瀵规姉鏍锋湰涓庡師鏍锋湰杩涜鐨勮瘝鏇挎崲鐨勮瘝宓屽叆鍚戦噺鐨勬渶灏忎綑寮﹁窛绂�
4. :code:`beam_width`: 鏉熸悳绱㈡瘡娆℃悳绱箣鍚庝繚鐣欑殑澶囬€夊鎶楁牱鏈殑鏁扮洰
PWWS绠楁硶 [#pwws]_
--------------------------
绠楁硶浠嬬粛
~~~~~~~~
:code:`PWWS` 绠楁硶鍏ㄧО鏄疨robability Weighted Word Saliency锛屾槸涓€绉嶈瘝绾у埆鐨勯粦鐩掓敾鍑荤畻娉曪紝涓昏閽堝鐨勬槸鏂囨湰鍒嗙被妯″瀷銆� :code:`PWWS` 鐨勪富瑕佹柟娉曟槸閫氳繃 :code:`WordNet` 閫夊彇璇嶇殑杩戜箟璇嶈繘琛屾浛鎹紝閫氳繃缁煎悎鑰冭檻璇嶆浛鎹㈠甫鏉ョ殑姝g‘棰勬祴姒傜巼鐨勬敼鍙橀噺浠ュ強鍘熻瘝鍦ㄦ暣涓彞瀛愪腑鐨勬樉钁楀害锛圫aliency锛夎繘琛岀瓫閫夛紝寰楀埌瀵规姉鏍锋湰銆傝瘝 :math:`w_i` 鍦ㄥ彞瀛� :math:`X = w_1w_2\ldots w_i\ldots w_d` 涓殑鏄捐憲搴﹀畾涔夊涓�
.. math::
S(X, w_i) = P(y_{true}|X) - P(y_{true}|\widehat{X})
鍏朵腑 :math:`\widehat{X} = w_1w_2\ldots [UNK]\ldots w_d` 涓哄湪鍙ュ瓙 :math:`X = w_1w_2\ldots w_i\ldots w_d` 涓皢璇� :math:`w_i` 鏇挎崲涓轰竴涓壒娈婄殑token :code:`[UNK]` 寰楀埌鐨勫彞瀛愶紙杩欎釜token涔熷彲浠ユ槸浠讳綍涓嶅湪瑕佹敾鍑绘ā鍨嬶紙鐨則okenizer锛夌殑璇嶆眹琛ㄤ腑鐨勮瘝锛夈€傚浜庢瘡涓彞瀛� :math:`X` 锛屽彲浠ラ€氳繃杩欑鏂瑰紡寰楀埌瀹冪殑璇嶆樉钁楀害鍚戦噺 :math:`S(X) = (S(w_1), \ldots, S(w_d))`銆� 瑕佹敞鎰忕殑鏄� :code:`PWWS` 绠楁硶涓娇鐢ㄨ瘝鏄捐憲搴︼紙Saliency锛変笌 `TextFooler绠楁硶`_ 涓娇鐢ㄧ殑鐨勮瘝閲嶈搴︼紙Importance锛夌殑寮傚悓涔嬪銆� :code:`PWWS` 绠楁硶鐨勬祦绋嬪涓�
1. 瀵逛簬寰呮敾鍑荤殑鍙ュ瓙 :math:`X = w_1w_2\ldots w_i\ldots w_d` 涓殑姣忎釜璇� :math:`w_i` 锛岃绠楀叾鏄捐憲搴� :math:`S(X, w_i)` 銆傚悓鏃讹紝浠� :code:`WordNet` 涓€夊彇瀹冪殑杩戜箟璇嶉泦鍚� :math:`\mathbb{L}_i` 銆傝嫢 :math:`w_i` 鏄笓鍚嶏紝鍒欎粠闆嗗悎 :math:`NE_{adv}` 涓€夊嚭涓庡叾璇嶆€х浉鍚岀殑璇嶏紝骞跺叆 :math:`\mathbb{L}_i` 涓€� :math:`NE_{adv}` 涓烘暟鎹泦涓娴嬫纭彞瀛愪腑鍑虹幇杩囩殑涓撳悕缁勬垚闆嗗悎锛屽湪璇嶆眹琛ㄤ腑鎵€鏈変笓鍚嶉泦鍚堜腑鐨勮ˉ闆嗐€傦紙涓€鑸繖鏉℃瘮杈冮毦瀹炵幇锛屽湪浠g爜瀹炵幇涓苟鏈€冭檻娣诲姞 :math:`NE_{adv}` 锛夈€傞€氳繃濡備笅鐨勫叕寮忎粠闆嗗悎 :math:`\mathbb{L}_i` 涓彇鍑鸿瘝 :math:`w_i` 鐨勬浛鎹㈣瘝 :math:`w_i^*`
.. math::
w_i^* = R(w_i, \mathbb{L}_i) = \operatorname{argmax}\limits_{w_i'\in \mathbb{L}_i} \{P(y_{true}|X) - P(y_{true}|X_i')\}
鍏朵腑 :math:`X_i' = w_1w_2\ldots w_i'\ldots w_d` 銆傝繖鏍峰彲浠ュ緱鍒板鎶楁牱鏈� :math:`X_i^* = w_1w_2\ldots w_i^*\ldots w_d` 锛屽苟浠�
.. math::
\Delta P_i^* = P(y_{true}|X) - P(y_{true}|X_i^*)
2. 灏嗚瘝 :math:`w_1, w_2, \ldots, w_d` 鎸夊涓嬪畾涔夌殑鍒嗘暟浠庨珮鍒颁綆鎺掑簭
.. math::
H(X, X_i^*, w_i) = operatorname{Softmax}(S(X))_i \cdot \Delta P_i^*
鍏朵腑 :math:`S(X)` 涓轰箣鍓嶅畾涔夌殑鍙ュ瓙 :math:`X` 鐨勮瘝鏄捐憲搴﹀悜閲忋€備箣鍚庡紑濮嬫墽琛屽涓嬬殑璐┆鎼滅储锛坓reedy search锛夈€備粠 :math:`i = 1` 寮€濮嬶紝鐢ㄦ帓濂藉簭鐨勫墠 :math:`i` 涓瘝鐢ㄧ1姝ヤ腑鎵惧埌鐨勬浛鎹㈣瘝杩涜鏇挎崲锛屽緱鍒板彞瀛� :math:`X^{(i)}` 锛岀洿鍒拌鏀诲嚮妯″瀷鍦� :math:`X^{(i)}` 涓婁骇鐢熷垎绫婚敊璇紝浠庤€屽緱鍒板鎶楁牱鏈€傝嫢閬嶅巻缁欏畾鍙繘琛屾浛鎹㈣瘝鏁伴噺涓婄晫浠嶆病鏈夐€犳垚妯″瀷鍒嗙被閿欒锛岄偅涔堟敾鍑诲け璐ワ紝鑾峰彇瀵规姉鏍锋湰澶辫触銆�
鍙傛暟璇存槑
~~~~~~~~
BAE绠楁硶 [#bae]_
--------------------------
绠楁硶浠嬬粛
~~~~~~~~
:code:`BAE` 绠楁硶鍏ㄧО鏄疊ERT-Based Adversarial Examples锛屾槸涓€绉嶈瘝绾у埆鐨勯粦鐩掓敾鍑荤畻娉曪紝涓昏閽堝鐨勬槸鏂囨湰鍒嗙被妯″瀷銆�:code:`BAE` 绠楁硶浜х敓瀵规姉鏍锋湰鐨勬柟娉曚富瑕佹槸鍒╃敤鎺╃爜璇█妯″瀷锛坢asked language model, MLM, 渚嬪 :code:`BERT` 锛変骇鐢熷閫夎瘝锛屾彃鍏ヨ瀵规姉鏍锋湰锛屾垨鑰呮浛鎹㈣瀵规姉鏍锋湰涓殑璇嶃€�:code:`BAE` 绠楁硶鍏蜂綋娴佺▼濡備笅锛�
1. 璁$畻鍙ュ瓙 :math:`X = w_1w_2\ldots w_d` 涓瘡涓瘝鐨勯噸瑕佸害锛圛mportance锛夛紝骞舵寜闄嶅簭鎺掑垪銆傝瘝閲嶈搴︾殑璁$畻鏂规硶涓� `TextFooler绠楁硶`_ 涓殑璇嶉噸瑕佸害璁$畻鏂规硶涓€鑷淬€�
2. 鍒濆鍖栧鎶楁牱鏈负 :math:`X_{adv} = X` 銆傛墽琛屽涓嬬殑璐┆鎼滅储锛坓reedy search锛夈€備粠 :math:`i = 1` 寮€濮嬶紝渚濇鍙栬瘝閲嶈搴︽帓鍚嶇 :math:`i` 锛堣繖閲屼负浜嗚鍙锋柟渚匡紝浠嶇劧璁颁负 :math:`w_i`锛夛紝鍒╃敤鎺╃爜璇█妯″瀷锛岃绠楀涓嬪甫鎺╃爜鐨勫彞瀛�
.. math::
X_{adv}[1:i-1][Mask]X_{adv}[i+1:d] \quad \text{鎴栬€厎 \quad X_{adv}[1:i][Mask]X_{adv}[i+1:d]
:math:`[Mask]` 澶勬鐜囨帓鍚嶅墠 :math:`k` 鐨勮瘝锛屾浛鎹� :math:`[Mask]` 锛屽緱鍒板閫夊鎶楁牱鏈殑闆嗗悎锛岃涓� :math:`\mathbb{L}[i]` 銆傝繖閲岀殑 :math:`X_{adv}[1:i-1]` 涓� 褰撳墠瀵规姉鏍锋湰 :math:`X_{adv}` 鍦ㄨ瘝 :math:`w_i` 涔嬪墠鐨勮瘝缁勬垚鐨勫簭鍒楋紝鍏朵粬璁板彿鐨勬剰涔変緷姝ょ被鎺ㄣ€備笂寮忕殑鍓嶄竴绉嶆ā寮忚绉颁綔璇嶆浛鎹㈡ā寮忥紝鍚庝竴绉嶆ā寮忚绉颁綔璇嶆彃鍏ユā寮忋€傚湪鐢熸垚澶囬€夊鎶楁牱鏈殑鏃跺€欙紝涓ょ妯″紡鍙互閲囩敤浜岃€呬腑鐨勪竴绉嶏紝鎴栬€呮贩鐢ㄣ€傚浜庡閫夊鎶楁牱鏈殑闆嗗悎 :math:`\mathbb{L}[i]` 锛岃繘涓€姝ヤ娇鐢� :code:`Universal Sentence Encoder` 璁$畻涓庡師鍙ュ瓙 :math:`X` 鐨勮涔夌浉浼煎害锛岀瓫閫夊嚭鐩镐技搴﹂珮浜庨璁鹃槇鍊肩殑澶囬€夊鎶楁牱鏈€傚鏋滄槸鏇挎崲妯″紡锛屽垯闇€瑕侀澶栨鏌ユ浛鎹㈣瘝涓庤鏇挎崲璇嶇殑璇嶆€э紝鍓旈櫎璇嶆€т笉涓€鑷寸殑鏇挎崲璇嶅搴旂殑澶囬€夊鎶楁牱鏈€�
3. 妫€鏌ュ閫夊鎶楁牱鏈殑闆嗗悎 :math:`\mathbb{L}[i]` 锛岀湅鍏朵腑鐨勫彞瀛愯兘鍚︿娇妯″瀷浜х敓鍒嗙被閿欒銆傚鏋滄湁锛屽垯鍙栧叾涓笌鍘熷彞瀛愯涔夌浉浼煎害鏈€楂樼殑浣滀负鏈€缁堜骇鐢熺殑瀵规姉鏍锋湰锛屽苟缁撴潫寰幆銆傝嫢 :math:`\mathbb{L}[i]` 鎵€鏈夊閫夊鎶楁牱鏈兘涓嶈兘浣挎ā鍨嬩骇鐢熷垎绫婚敊璇紝閭d箞鍙栧叾涓娇寰楁ā鍨嬫纭垎绫绘鐜囨渶浣庣殑浣滀负 :math:`X_{adv}` 锛岃繘鍏ヤ笅涓€寰幆銆傜洿鍒颁骇鐢熶娇妯″瀷鍒嗙被閿欒鐨勫鎶楁牱鏈紝鎴栬€呴亶鍘嗘墍鏈夎瘝鍚庢墧涓嶈兘鐢熸垚浜х敓浣挎ā鍨嬪垎绫婚敊璇殑瀵规姉鏍锋湰锛岃幏鍙栧鎶楁牱鏈け璐ャ€�
鍙傛暟璇存槑
~~~~~~~~
1. :code:`max_candidates`: 鍗曟鎼滅储锛堜娇鐢ㄦ帺鐮佽瑷€妯″瀷锛変骇鐢熺殑寰呴€夊鎶楁牱鏈暟鐩笂闄�
2. :code:`use_threshold`: 鏈夋晥瀵规姉鏍锋湰涓庡師鏍锋湰鐨勫彞宓屽叆锛堜娇鐢� :code:`Universal Sentence Encoder`锛夊悜閲忕殑鏈€灏忎綑寮﹁窛绂�
BERT-Attack绠楁硶 [#bertattack]_
--------------------------------
绠楁硶浠嬬粛
~~~~~~~~
:code:`BERT-Attack` 绠楁硶涓� `BAE绠楁硶`_ 绠楁硶鍘熺悊涓庢祦绋嬬被浼硷紝浠ヤ笅浠呭垪鍑轰笉鍚岀偣锛�
1. :code:`BERT-Attack` 绠楁硶鐨勮瘝閲嶈搴︾殑璁$畻鏂规硶涓� :code:`PWWS` 绠楁硶鐨勮瘝鏄捐憲搴﹁绠楁柟娉曚竴鑷达紝鍗冲皢瑕佽绠楃殑璇嶇敤鐗瑰畾鐨則oken杩涜鏇挎崲锛涜€� :code:`BAE` 绠楁硶鍒欐槸涓� :code:`TextFooler` 绠楁硶涓€鑷达紝灏嗚璁$畻鐨勮瘝鍒犻櫎銆�
2. 鐢熸垚澶囬€夊鎶楁牱鏈泦鍚堢殑鏂瑰紡涓嶅悓銆� :code:`BERT-Attack` 绠楁硶骞朵笉鍍� :code:`BAE` 绠楁硶閭f牱瀵瑰師鍙ヨ繘琛屾帺鐮佺殑鎿嶄綔锛岃€屾槸瀵逛娇鐢ㄥ瓧鑺傚缂栫爜锛圔ytes-Pair-Encoding, BPE锛変箣鍚庡緱鍒扮殑token搴忓垪杩涜鎺╃爜锛岄€氳繃鎺╃爜璇█妯″瀷 :code:`BERT` 鑾峰彇杩欎簺token鐨勬浛鎹㈠垪琛ㄣ€傝繖浜泃oken鍙兘鏄瘝锛屼篃鍙兘鏄瓙璇嶏紙sub-word锛夈€傚綋鏌愪釜token涓嶆槸璇嶇殑鏃跺€欙紝闇€瑕佸皢杩欎釜token鎵€鍦ㄨ瘝瑕嗙洊鐨則oken鐨勬浛鎹㈠垪琛ㄨ繘琛岀粍鍚堬紝瀵硅繖浜涚粍鍚堣繘琛岀紪鐮侀€嗘搷浣滆幏鍙栬瘝鐨勬浛鎹㈣瘝锛屽苟鎸夋贩涔卞害锛坧erplexity锛岀敱 :code:`BERT` 鑾峰彇锛夊€掓帓銆�
鍙傛暟璇存槑
~~~~~~~~
1. :code:`max_candidates`: 鍗曟鎼滅储锛堜娇鐢ㄦ帺鐮佽瑷€妯″瀷锛変骇鐢熺殑寰呴€夊鎶楁牱鏈暟鐩笂闄�
2. :code:`use_threshold`: 鏈夋晥瀵规姉鏍锋湰涓庡師鏍锋湰鐨勫彞宓屽叆锛堜娇鐢� :code:`Universal Sentence Encoder`锛夊悜閲忕殑鏈€灏忎綑寮﹁窛绂�
3. :code:`max_perturb_percent`: 璇嶆浛鎹㈡瘮渚嬫渶楂樺€硷紝涓€涓湁鏁堢殑瀵规姉鏍锋湰鐩歌緝鍘熷彞瀛愪腑璇嶈鏇挎崲鐨勬瘮渚嬩笉鑳借秴杩囪繖涓€�
.. CheckList绠楁硶 [#checklist]_
.. ------------------------------
.. 绠楁硶浠嬬粛
.. ~~~~~~~~
.. :code:`CheckList` 绠楁硶鏄竴绉嶈瘝绾у埆鐨勯粦鐩掓敾鍑荤畻娉曪紝涓昏閽堝鐨勬槸鏂囨湰鍒嗙被妯″瀷銆�:code:`CheckList` 绠楁硶涓昏渚濊禆浜庝汉宸ュ缓绔嬬殑鐭ヨ瘑搴擄紝涓庤瘝鎬э紙part-of-speech锛夈€佷笓鍚嶏紙named entity锛夋鏌ュ櫒锛屽叾璇嶆浛鎹㈢殑鏂瑰紡涓昏鏈変互涓嬪嚑绉嶏細
.. 1. 鍦板悕鏇挎崲
.. 2. 浜哄悕鏇挎崲
.. 3. 鏁板瓧鏇挎崲
.. 4. 缂╁啓鏇挎崲锛堜緥濡� it is 涓� it's 涔嬮棿鐨勭浉浜掓浛鎹紝涓昏閽堝鏈夊瓧姣嶇郴缁熺殑璇█锛屽鑻辫绛夛級
.. :code:`CheckList` 绠楁硶鐨勬悳绱㈡柟娉曟槸璐┆鎼滅储锛坓reedy search锛夛紝鍗虫瘡娆℃浛鎹竴涓瘝锛屾浛鎹㈣瘝浣垮緱妯″瀷杩涜姝g‘棰勬祴鐨勬鐜囨渶浣庛€�
.. 鍙傛暟璇存槑
.. ~~~~~~~~
.. CLARE绠楁硶 [#clare]_
.. ------------------------------
.. 绠楁硶浠嬬粛
.. ~~~~~~~~
.. :code:`CLARE` 绠楁硶鍏ㄧО鏄� **C**\ ontextua\ **L**\ ized **A**\ dversa\ **R**\ ial **E**\ xample generation model锛屾槸涓€绉嶈瘝绾у埆鐨勯粦鐩掓敾鍑荤畻娉曘€�:code:`CLARE` 绠楁硶鐢熸垚澶囬€夊鎶楁牱鏈殑鏂瑰紡涓� `BAE绠楁硶`_ 绫讳技锛岄噰鐢ㄦ帺鐮佽瑷€妯″瀷瀵逛簬闇€瑕佹浛鎹㈢殑璇嶏紝鎴栬€呮彃鍏ヨ瘝鐨勪綅缃姞鍏ユ帺鐮侊紝鐢ㄦ帺鐮佽瑷€妯″瀷瀵逛簬鎺╃爜鐨勮緭鍑洪娴嬬粨鏋滀綔涓烘浛鎹㈡垨鎻掑叆鐨勮瘝銆� :code:`CLARE` 绠楁硶鐩歌緝浜� `BAE绠楁硶`_ 锛屾柊澧炰簡鍚堝苟璇嶏紙merge锛夌殑妯″紡锛屽嵆灏嗕袱涓浉閭荤殑璇嶇敤涓€涓帺鐮佷唬鏇匡紝鍘荤敓鎴愬閫夎瘝銆� :code:`CLARE` 骞朵笉璁$畻鍙ュ瓙涓瘝鐨勯噸瑕佸害鎴栬€呭叾浠栫被浼肩殑鍒嗘暟锛屾寜姝ゆ帓搴忎箣鍚庤繘琛岃椽濠悳绱紝鑰屾槸鐩存帴鎸夌収璇嶅湪鍙ュ瓙涓殑椤哄簭杩涜璐┆鎼滅储銆�
.. 鍙傛暟璇存槑
.. ~~~~~~~~
.. 1. :code:`max_candidates`: 鍗曟鎼滅储锛堜娇鐢ㄦ帺鐮佽瑷€妯″瀷锛変骇鐢熺殑寰呴€夊鎶楁牱鏈暟鐩笂闄�
.. 2. :code:`use_threshold`: 鏈夋晥瀵规姉鏍锋湰涓庡師鏍锋湰鐨勫彞宓屽叆锛堜娇鐢� :code:`Universal Sentence Encoder`锛夊悜閲忕殑鏈€灏忎綑寮﹁窛绂�
DeepWordBug绠楁硶 [#deepwordbug]_
-----------------------------------
绠楁硶浠嬬粛
~~~~~~~~
:code:`DeepWordBug` 绠楁硶鏄瓧绗︾骇鍒殑榛戠洅鏀诲嚮绠楁硶銆� :code:`DeepWordBug` 绠楁硶鍒╃敤绫讳技 `TextFooler绠楁硶`_ 涓殑鏂规硶锛岃绠楀彞瀛愪腑姣忎釜璇嶇殑閲嶈搴︼紝鎸夋鎺掑簭涔嬪悗杩涜璐┆鎼滅储銆傜敱浜� :code:`DeepWordBug` 绠楁硶鏄瓧绗︾骇鍒殑鏀诲嚮绠楁硶锛屽叾浜х敓鏇挎崲璇嶇殑鏂规硶鏈夊涓嬪嚑绉�
1. 璇嶄腑鐩搁偦瀛楃浜ゆ崲
2. 闅忔満寰€璇嶄腑鎻掑叆瀛楃
3. 闅忔満鍒犻櫎璇嶄腑瀛楃
4. 闅忔満鏇挎崲璇嶄腑瀛楃
鍙傛暟璇存槑
~~~~~~~~
1. :code:`use_all_transformations`: 甯冨皵鍊肩殑鍙傛暟锛屽鏋滅疆涓虹湡锛圱rue锛夛紝鍒欎娇鐢ㄦ墍鏈�4绉嶄骇鐢熸浛鎹㈣瘝鐨勬柟娉曪紱鍚﹀垯浠呬娇鐢ㄦ渶鍚庝竴绉嶄骇鐢熸浛鎹㈣瘝鐨勬柟娉曪紝鍗抽殢鏈烘浛鎹㈣瘝涓瓧绗︺€�
2. :code:`max_edit_distance`: 鏈夋晥瀵规姉鏍锋湰涓庡師鏍锋湰鐨勭紪杈戣窛绂绘渶澶у€�
.. Genetic绠楁硶 [#genetic]_
.. -------------------------
.. 绠楁硶浠嬬粛
.. ~~~~~~~~
.. :code:`Genetic` 绠楁硶鏄疷CLA璁$畻鏈虹郴鐨凪oustafa Alzantot绛変汉鎻愬嚭鐨勶紝鍩轰簬閬椾紶绠楁硶鐨勮瘝绾у埆鐨勯粦鐩掓敾鍑荤畻娉曪紝鏈夋椂涔熻绉颁綔 :code:`Alzantot` 绠楁硶銆�
.. :code:`Alzantot` 绠楁硶浜х敓鏂扮殑澶囬€夊鎶楁牱鏈殑鍩烘湰鏂规硶涓鸿瘝鏇挎崲锛岃绉颁綔涓烘壈鍔紙perturb锛夈€傛洿鍏蜂綋鏉ヨ锛屾槸鍒╃敤璇嶅祵鍏ユā鍨嬶紝渚嬪 :code:`CounterFittedEmbedding` 锛� :code:`ChineseWord2Vec` 绛夛紝閫氳繃璁$畻璇嶅祵鍏ュ悜閲忕殑浣欏鸡璺濈鎴栬€呮姘忚窛绂伙紝鑾峰彇涓庤鏇挎崲璇嶈窛绂绘渶杩戠殑鑻ュ共璇嶈繘琛岃瘝鏇挎崲锛屼粠鑰屼骇鐢熷閫夊鎶楁牱鏈€� 杩欎簺澶囬€夊鎶楁牱鏈繕浼氬埄鐢� :code:`Google 1 billion words language model` 浜х敓鐨勮瑷€娴佺晠搴﹁瘎鍒嗕綔杩涗竴姝ョ瓫閫夛紝鍙繚鐣欏緱鍒嗘渶楂樼殑鑻ュ共涓€�
.. :code:`Alzantot` 绠楁硶鐨勬牳蹇冩槸鍏堕仐浼犵畻娉曘€傚叿浣撴潵璇达紝鍒╃敤涓婁竴浠o紙涓婁竴娆″惊鐜級鐨勪釜浣擄紙澶囬€夊鎶楁牱鏈級閫氳繃浜ゅ弶锛坈rossover锛夌殑鏂瑰紡浜х敓涓嬩竴浠g殑涓綋锛堝閫夊鎶楁牱鏈級銆傝繖閲岀殑浜ゅ弶鎿嶄綔涓猴紝鐢ㄦ煇涓閫夊鎶楁牱鏈殑闅忔満浣嶇疆鐨勬煇浜涜瘝锛屽幓鏇挎崲鍙︿竴涓閫夊鎶楁牱鏈浉搴斾綅缃殑璇嶃€傝繘琛屽畬浜ゅ弶涔嬪悗寰楀埌鐨勫閫夊鎶楁牱鏈紝鍐嶈繘琛屼竴娆″熀浜庤瘝宓屽叆妯″瀷鐨勬壈鍔ㄦ搷浣滐紝鍗冲彉寮傦紙mutation锛夌殑鎿嶄綔锛屽苟渚濇嵁琚敾鍑绘ā鍨嬪仛鍑烘纭垎绫荤殑姒傜巼浠庝綆鍒伴珮鍊掓帓锛屽彧淇濈暀涓€瀹氭暟鐩殑澶囬€夊鎶楁牱鏈紝灏卞緱鍒颁簡涓嬩竴浠g殑澶囬€夊鎶楁牱鏈€傝繖鏍锋瀯鎴愪簡 :code:`Alzantot` 绠楁硶鐨勪竴娆″畬鏁寸殑寰幆銆�
.. 鍙傛暟璇存槑
.. ~~~~~~~~
.. 1. :code:`max_candidates`: 鍗曟鎼滅储锛堜娇鐢ㄨ瘝宓屽叆妯″瀷锛変骇鐢熺殑寰呴€夊鎶楁牱鏈暟鐩笂闄�
.. 2. :code:`max_perturb_percent`: 鏈夋晥瀵规姉鏍锋湰琚浛鎹㈢殑璇嶇殑姣斾緥鐨勬渶楂樺€�
.. 3. :code:`max_mse_dist`: 鏈夋晥鐨勬浛鎹㈣瘝涓庤鏇挎崲璇嶇殑璇嶅祵鍏ュ悜閲忔姘忚窛绂绘渶澶у€�
.. 4. :code:`max_iters`: 閬椾紶绠楁硶杩唬鏈€澶ф鏁�
.. 5. :code:`pop_size`: 閬椾紶绠楁硶姣忎竴浠d釜浣擄紙澶囬€夊鎶楁牱鏈級鐨勬暟鐩笂闄�
.. FasterGenetic绠楁硶 [#fastergenetic]_
.. ---------------------------------------
.. 绠楁硶浠嬬粛
.. ~~~~~~~~
.. :code:`FasterGenetic` 绠楁硶涓� `Genetic绠楁硶`_ 鍘熺悊涓庢祦绋嬪熀鏈竴鑷达紝浜岃€呭敮涓€鐨勫尯鍒湪浜� :code:`FasterGenetic` 绠楁硶绠楁硶灏嗙敤浜庢鏌ュ閫夊鎶楁牱鏈笌鍘熸牱鏈殑璇█娴佺晠搴︾殑璇█妯″瀷鏇挎崲涓轰簡 :code:`Learning2Write` [#l2w]_ 妯″瀷銆傝繖涓ā鍨嬬浉杈� :code:`Google 1 billion words language model` 鏇磋交渚匡紝瀵规樉瀛樺ぇ灏忚姹傛洿浣庯紝閫熷害鏇村揩銆�
.. 鍙傛暟璇存槑
.. ~~~~~~~~
.. 1. :code:`max_candidates`: 鍗曟鎼滅储锛堜娇鐢ㄨ瘝宓屽叆妯″瀷锛変骇鐢熺殑寰呴€夊鎶楁牱鏈暟鐩笂闄�
.. 2. :code:`max_perturb_percent`: 鏈夋晥瀵规姉鏍锋湰琚浛鎹㈢殑璇嶇殑姣斾緥鐨勬渶楂樺€�
.. 3. :code:`max_mse_dist`: 鏈夋晥鐨勬浛鎹㈣瘝涓庤鏇挎崲璇嶇殑璇嶅祵鍏ュ悜閲忔姘忚窛绂绘渶澶у€�
.. 4. :code:`max_iters`: 閬椾紶绠楁硶杩唬鏈€澶ф鏁�
.. 5. :code:`pop_size`: 閬椾紶绠楁硶姣忎竴浠d釜浣擄紙澶囬€夊鎶楁牱鏈級鐨勬暟鐩笂闄�
.. IGA绠楁硶 [#iga]_
.. --------------------
.. 绠楁硶浠嬬粛
.. ~~~~~~~~
.. :code:`IGA` 绠楁硶鍏ㄧО涓篒mproved Genetic Algorithm锛屽師鐞嗕笌娴佺▼涓� `Genetic绠楁硶`_ 绫讳技銆備簩鑰呬笉鍚屼箣澶勫湪浜�
.. 1. :code:`IGA` 绠楁硶鐨勪氦鍙夛紙crossover锛夋搷浣滀负锛屾煇涓笂涓€浠o紙涓婁竴娆″惊鐜級鐨勪釜浣擄紙澶囬€夊鎶楁牱鏈級浠庢煇涓綅缃紙浠ヨ瘝璁★級鍒囧紑鐨勫墠鍗婂彞锛屼笌鍙︿竴涓釜浣撲粠鍚屼竴浣嶇疆鍒囧紑鐨勫悗鍗婂彞杩涜鎷兼帴銆�
.. 2. :code:`IGA` 绠楁硶\ **涓嶄娇鐢�**\ 璇█妯″瀷瀵圭敓鎴愮殑澶囬€夊鎶楁牱鏈繘琛岃瑷€娴佺晠搴﹁瘎鍒嗗仛杩涗竴姝ョ瓫閫夈€�
.. 鍙傛暟璇存槑
.. ~~~~~~~~
.. 1. :code:`max_candidates`: 鍗曟鎼滅储锛堜娇鐢ㄨ瘝宓屽叆妯″瀷锛変骇鐢熺殑寰呴€夊鎶楁牱鏈暟鐩笂闄�
.. 2. :code:`max_perturb_percent`: 鏈夋晥瀵规姉鏍锋湰琚浛鎹㈢殑璇嶇殑姣斾緥鐨勬渶楂樺€�
.. 3. :code:`max_mse_dist`: 鏈夋晥鐨勬浛鎹㈣瘝涓庤鏇挎崲璇嶇殑璇嶅祵鍏ュ悜閲忔姘忚窛绂绘渶澶у€�
.. 4. :code:`max_iters`: 閬椾紶绠楁硶杩唬鏈€澶ф鏁�
.. 5. :code:`pop_size`: 閬椾紶绠楁硶姣忎竴浠d釜浣擄紙澶囬€夊鎶楁牱鏈級鐨勬暟鐩笂闄�
FD绠楁硶 [#fd]_
--------------------
绠楁硶浠嬬粛
~~~~~~~~
:code:`FD` 绠楁硶鏄竴绉嶈瘝绾у埆鐨勭櫧鐩掓敾鍑荤畻娉曘€傚叾瀵逛簬涓€涓鏀诲嚮鏍锋湰锛堝彞瀛愶級涓殑璇嶈繘琛岄殢鏈虹殑閫夊彇涓庢浛鎹紝浜х敓鏂扮殑澶囬€夌殑瀵规姉鏍锋湰銆�:code:`FD` 绠楁硶浜х敓鏇挎崲璇嶇殑鏂规硶缁撳悎浜嗗熀浜庤瘝宓屽叆妯″瀷鐨勬柟娉曚笌鍩轰簬琚敾鍑绘ā鍨嬫搴︾殑鏂规硶銆傚叿浣撴潵璇达紝璇ョ畻娉曢鍏堝埄鐢ㄨ瘝宓屽叆妯″瀷锛屼緥濡� :code:`CounterFittedEmbedding` 锛� :code:`ChineseWord2Vec` 绛夛紝浜х敓鏈€杩戦偦鐨勪竴浜涙浛鎹㈣瘝锛屽湪鍒╃敤琚敾鍑绘ā鍨嬬殑姊害淇℃伅锛屽湪杩欎簺璇嶄腑绛涢€変娇寰椾笅寮忔瀬灏忓寲鐨勮瘝
.. math::
\operatorname{argmin}_{w} \lVert \operatorname{sign}(\operatorname{Emb}(X^*[i]) - \operatorname{Emb}(w)) - \operatorname{sign}(J_F(X)[i]) \rVert_1
鍏朵腑 :math:`X` 涓鸿鏀诲嚮鏍锋湰锛� :math:`X^*` 涓哄綋鍓嶅閫夊鎶楁牱鏈紝 :math:`\operatorname{Emb}` 鏄鏀诲嚮妯″瀷鐨勮瘝宓屽叆灞傦紙涓嶆槸绗竴姝ヤ骇鐢熷垵姝ュ閫夎瘝鐨勮瘝宓屽叆妯″瀷锛夛紝 :math:`J_F(X)[i]` 鏄搴︿俊鎭紝 :math:`\lVert \cdot \rVert_1` 涓�1-鑼冩暟銆�
鍙傛暟璇存槑
~~~~~~~~
1. :code:`top_n`: 鍗曟鎼滅储锛屾渶缁堜骇鐢熺殑澶囬€夋浛鎹㈣瘝鏁扮洰
.. Pruthi绠楁硶 [#pruthi]_
.. ------------------------
.. 绠楁硶浠嬬粛
.. ~~~~~~~~
.. :code:`Pruthi` 绠楁硶鏄疌MU璁$畻鏈虹郴鐨凞anish Pruthi绛変汉鎻愬嚭鐨勫瓧绗︾骇鍒殑榛戠洅鏀诲嚮绠楁硶銆傝繖涓敾鍑荤畻娉曡緝涓虹畝鍗曪紝涓昏鍒╃敤浠ヤ笅4绉嶆柟寮忕敓鎴愭浛鎹㈣瘝杩涜璇嶇殑鏇挎崲鏉ョ敓鎴愬鎶楁牱鏈紝骞舵寜璇嶅湪鍙ュ瓙涓殑鑷劧椤哄簭杩涜璐┆鎼滅储锛�
.. 1. 璇嶄腑鐩搁偦瀛楃浜ゆ崲
.. 2. 闅忔満寰€璇嶄腑鎻掑叆瀛楃
.. 3. 闅忔満鍒犻櫎璇嶄腑瀛楃
.. 4. 鍒╃敤 :code:`QWERTY` 娉曢殢鏈烘浛鎹㈣瘝涓瓧绗�
.. 鍓�3绉嶆柟娉曟槸鍜� `DeepWordBug绠楁硶`_ 鍏辨湁鐨勭敓鎴愭浛鎹㈣瘝鐨勬柟娉曪紝绗�4绉嶆柟娉曚负 :code:`Pruthi` 绠楁硶鐗规湁鐨勭敓鎴愭浛鎹㈣瘝鐨勬柟娉曘€傝繖绉嶆柟娉曟ā鎷熺殑鏄汉閫氳繃鏅€氶敭鐩橈紙QWERTY閿洏锛夎緭鍏ユ寜閿欓敭鑰屼骇鐢熺殑閿欒鎷煎啓璇嶏紝姣忎釜瀛楁瘝鍙互鐢ㄥ叾鍛ㄥ洿鐨勮嫢骞插瓧姣嶆浛鎹紝鏉ョ粍鎴愰敊璇嫾鍐欒瘝銆�
.. 鍙傛暟璇存槑
.. ~~~~~~~~
.. 1. :code:`max_perturb_num`: 鏈夋晥瀵规姉鏍锋湰琚浛鎹㈢殑璇嶇殑鏁扮洰鐨勬渶楂樺€�
.. 2. :code:`min_word_len`: 瀛楃鏁扮洰浣庝簬杩欎釜鍊肩殑璇嶄笉杩涜璇嶇殑鏇挎崲锛堝嵆鎸変笂杩�4涓柟娉曠敓鎴愭嫾鍐欓敊璇殑璇嶏級
PSO绠楁硶 [#pso]_
--------------------
绠楁硶浠嬬粛
~~~~~~~~
:code:`PSO` 绠楁硶鏄竴绉嶈瘝绾у埆鐨勯粦鐩掓敾鍑荤畻娉曪紝寰楀悕鑷叾閲囩敤鐨勬悳绱㈠鎶楁牱鏈殑鏂规硶锛屽嵆绮掑瓙缇ょ畻娉曪紙Particle Swarm Optimization锛夈€傜矑瀛愮兢绠楁硶涓庨仐浼犵畻娉曢兘灞炰簬杩涘寲绠楁硶杩欎竴澶х被銆傚湪 :code:`PSO` 绠楁硶涓紝姣忎竴杩唬杞鐨勬牱鏈叏浣撹绉颁綔涓€涓兢锛坰warm锛夛紝涓€涓牱鏈绉颁綔涓€涓矑瀛愶紙particle锛夛紝姣忎釜绮掑瓙瀵瑰簲鐨勮瘝搴忓垪琚О浣滄悳绱㈢┖闂翠腑鐨勪竴涓綅缃紙position锛夈€�
:code:`PSO` 绠楁硶鐨勫彟涓€涓垱鏂颁箣澶勫湪浜庯紝瀹冪殑璇嶆浛鎹㈡柟娉曪紝鍙堢О鍙樺紓锛坢utation锛夋搷浣滀负锛屽埄鐢ㄧ煡璇嗗浘璋� :code:`HowNet` 涓箟绱狅紙sememes锛夌浉鍚岀殑璇嶈繘琛岃瘝鏇挎崲銆�
:code:`PSO` 绠楁硶鍏蜂綋娴佺▼濡備笅锛�
1. 鍒濆鍖栵紙Initialize锛夛細瀵硅鏀诲嚮鏍锋湰锛堝彞瀛愶級 :math:`X = w_1w_2\ldots w_D` 闅忔満鏇挎崲涓€涓瘝锛岀敓鎴� :math:`N` 鏂扮殑鏍锋湰锛屽苟缁欐瘡涓柊鏍锋湰闅忔満璧嬩簣涓€涓垵濮嬮€熷害锛坴elocity锛夛紝浠ユ涓虹涓€浠e紑濮嬭繘琛屽惊鐜凯浠c€傚垵濮嬮€熷害涓轰竴涓� :math:`D` 缁村悜閲忥紝鍏跺厓绱犲彇鍊艰寖鍥翠负 :math:`(-V_{\max}, V_{\max})` 锛屼唬琛ㄧ殑鏄搴斾綅缃殑璇嶈鏂拌瘝鏇挎崲鐨勬鐜囥€�
2. 璁板綍锛圧ecord锛夛細姣忎竴杩唬杞瀹屾垚涔嬪悗锛屽崟涓矑瀛愰兘璁板綍涓€娆′釜浣撴渶浣充綅缃紙individual best position锛夛紝瀵瑰簲浜庤绮掑瓙杈惧埌鐨勪紭鍖栫洰鏍囧嚱鏁扮殑鏈€楂樺€硷紙渚嬪琚敾鍑绘ā鍨嬫纭娴嬫鐜囩殑鐩稿弽鏁帮級锛涘悓鏃惰褰曟暣涓兢鐨勬暣浣撴渶浣充綅缃紙global best position锛夈€�
3. 鏇存柊锛圲pdate锛夛細鍦ㄦ瘡涓€杞凯浠d腑锛屾寜涓嬪紡鏇存柊锛堢 :math:`n` 涓矑瀛愶級鐨勯€熷害鍚戦噺
.. math::
v_d^n = w v_d^n + (1-w) \times [\mathcal{I}(p_d^n, x_d^n) + \mathcal{I}(p_d^g, x_d^n)], \quad d = 1, \cdots, D
鍏朵腑 :math:`x^n` 涓虹矑瀛� :math:`n` 褰撳墠浣嶇疆锛� :math:`p^n` 涓虹矑瀛� :math:`n` 鐨勪釜浣撴渶浣充綅缃紱 :math:`p^g` 涓烘暣浣撴渶浣充綅缃紱 :math:`w` 涓烘儻鎬ф潈閲嶏紙inertia weight锛夛紝鎸夊涓嬫柟寮忔洿鏂�
.. math::
w = (w_{\max} - w_{\min}) \times \frac{T-t}{T} + w_{\min}, \quad 0 < w_{\min} < w_{\max} < 1
鍏朵腑 :math:`T` 涓鸿凯浠f€昏疆鏁帮紝 :math:`t` 涓哄綋鍓嶈疆鏁帮紱 :math:`\mathcal{I}(a,b)` 涓哄涓嬪畾涔夌殑鍑芥暟
.. math::
\mathcal{I}(a,b) = \begin{cases} 1, & a=b \\ -1, & a \neq b \end{cases}
绮掑瓙 :math:`n` 鐨勬洿鏂版寜濡備笅鏂瑰紡杩涜锛氶鍏堬紝鎸夋鐜�
.. math::
P_i = P_{\max} - \frac{t}{T} \times (P_{\max} - P_{\min}), \quad 0 < P_{\min} < P_{\max} < 1
纭畾鏄惁鍚戜釜浣撴渶浣充綅缃Щ鍔ㄣ€傝嫢绉诲姩锛屽垯渚濇鐜囧悜閲� :math:`\operatorname{sigmoid}(v_1^n,\cdots,v_D^n)` 鍚戜釜浣撴渶浣充綅缃Щ鍔紝鍗崇 :math:`d` 涓瘝浠ユ鐜� :math:`\operatorname{sigmoid}(v_d^n)` 鏇挎崲涓轰釜浣撴渶浣充綅缃殑绗� :math:`d` 涓瘝銆傛帴涓嬫潵鎸夋鐜�
.. math::
P_g = P_{\min} + \frac{t}{T} \times (P_{\max} - P_{\min})
纭畾鏄惁鍚戞暣浣撴渶浣充綅缃Щ鍔ㄣ€傝嫢绉诲姩锛屽垯鍚屾牱渚濇鐜囧悜閲� :math:`\operatorname{sigmoid}(v_1^n,\cdots,v_D^n)` 鍚戞暣浣撴渶浣充綅缃Щ鍔ㄣ€傚畬鎴愮Щ鍔ㄤ箣鍚庯紝姣忎釜绮掑瓙浠ユ鐜�
.. math::
P_m (x^n) = \max \left( 0, 1-k\frac{\mathcal{E}(x^n, x^0)}{D} \right)
杩涜鍙樺紓鎿嶄綔銆傛洿鏂帮紙Update锛夊叏閮ㄥ畬鎴愪箣鍚庯紝杩斿洖绗簩閮ㄨ繘琛岃褰曪紙Record锛夋搷浣滐紝鍗宠褰曟鏃剁殑鎵€鏈変釜浣撴渶浣充綅缃互鍙婃暣浣撴渶浣充綅缃€�
4. 缁堟锛圱erminate锛夋潯浠朵负锛氭暣浣撴渶浣充綅缃搴旂殑浼樺寲鐩爣杈惧埌锛屼緥濡傝鏀诲嚮妯″瀷鍒嗙被閿欒銆�
鍙傛暟璇存槑
~~~~~~~~
1. :code:`max_candidates`: 鍗曟鎼滅储锛堜娇鐢ㄨ瘝宓屽叆妯″瀷锛変骇鐢熺殑寰呴€夊鎶楁牱鏈暟鐩笂闄�
2. :code:`max_iters`: 閬椾紶绠楁硶杩唬鏈€澶ф鏁�
3. :code:`pop_size`: 閬椾紶绠楁硶姣忎竴浠d釜浣擄紙澶囬€夊鎶楁牱鏈級鐨勬暟鐩笂闄�
TextBugger绠楁硶 [#textbugger]_
-------------------------------
绠楁硶浠嬬粛
~~~~~~~~
:code:`TextBugger` 绠楁硶鏄竴绉嶅瓧绗︾骇鍒笌璇嶇骇鍒贩鍚堢殑鏀诲嚮绠楁硶锛屽彲浠ヨ繘琛岄粦鐩掓敾鍑讳篃鍙互杩涜鐧界洅鏀诲嚮銆�
:code:`TextBugger` 绠楁硶鐨勭櫧鐩掓敾鍑绘柟娉曞涓嬶細瀵逛簬鏍锋湰 :math:`(X,y)` 锛屽叾涓� :math:`X = w_1w_2\ldots w_d` 涓哄彞瀛愶紝:math:`y` 涓哄叾鍒嗙被鏍囩銆傞€氳繃濡備笅鐨勫亸瀵兼暟璁$畻鍏朵腑姣忎釜璇�:math:`w_i` 鐨勯噸瑕佸害锛圛mportance锛�
.. math::
C_{w_i} = \dfrac{\partial \mathcal{F}_y(X)}{\partial w_i}
鍏朵腑 :math:`\mathcal{F}` 涓鸿鏀诲嚮鐨勫垎绫绘ā鍨嬶紝 :math:`\mathcal{F}_y` 涓鸿妯″瀷鍒嗙被涓� :math:`y` 鐨勬鐜囥€傚鍙ュ瓙涓殑璇嶆寜濡傛瀹氫箟鐨勯噸瑕佸害閲嶆帓涔嬪悗锛屾寜椤哄簭杩涜璐┆鎼滅储銆�
:code:`TextBugger` 绠楁硶鐨勯粦鐩掓敾鍑绘柟娉曚笌 `TextFooler绠楁硶`_ 鐨勫師鐞嗙被浼硷紝涔熸槸閲囧彇鍒犻櫎璇嶇殑鏂规硶璁$畻璇ヨ瘝鍦ㄥ彞瀛愪腑鐨勯噸瑕佸害锛屽皢璇嶆寜閲嶈搴︽帓搴忎箣鍚庯紝鎸夐『搴忚繘琛岃椽濠悳绱€€�
:code:`TextBugger` 绠楁硶鍦ㄥ瓧绗︾骇鍒敓鎴愭柊鐨勫閫夊鎶楁牱鏈殑鏂规硶鏈�
1. 璇嶄腑鐩搁偦瀛楃浜ゆ崲
2. 闅忔満寰€璇嶄腑鎻掑叆瀛楃
3. 闅忔満鍒犻櫎璇嶄腑瀛楃
4. 鍚屽舰瀛楃锛坔omoglyph锛夋浛鎹�
:code:`TextBugger` 绠楁硶鍦ㄨ瘝绾у埆鐢熸垚鏂扮殑澶囬€夊鎶楁牱鏈殑鏂规硶涓� `FD绠楁硶`_ 绛夌被浼硷紝浣跨敤璇嶅祵鍏ユā鍨嬶紝瀵绘壘宓屽叆鍚戦噺璺濈鏈€杩戠殑鏇挎崲璇嶈繘琛岃瘝鏇挎崲锛屼粠鑰屽緱鍒板閫夊鎶楁牱鏈€�
鍙傛暟璇存槑
~~~~~~~~
1. :code:`max_candidates`: 浣跨敤璇嶅祵鍏ユā鍨嬩骇鐢熺殑寰呴€夊鎶楁牱鏈暟鐩笂闄�
2. :code:`use_threshold`: 鏈夋晥瀵规姉鏍锋湰涓庡師鏍锋湰鐨勫彞宓屽叆锛堜娇鐢� :code:`Universal Sentence Encoder`锛夊悜閲忕殑鏈€灏忎綑寮﹁窛绂�
.. UAT绠楁硶 [#uat]_
.. -------------------------------
.. 绠楁硶浠嬬粛
.. ~~~~~~~~
.. :code:`UAT` 绠楁硶鍏ㄧО鏄� Universal Adversarial Triggers锛岃繖鏄竴绉嶇櫧鐩掓敾鍑绘柟娉曘€傝繖绉嶆敾鍑绘柟娉曟瘮杈冪壒娈婏紝鍏跺皾璇曚粠鏁翠釜鏁版嵁闆嗘悳绱竴涓垨鑰呭涓硾鐢ㄧ殑锛坲niversal锛夎Е鍙戝櫒锛坱rigger锛夈€傚噯纭潵璇达紝瑙﹀彂鍣ㄦ槸涓€浜涚煭璇紝杩涜鏂囨湰鏀诲嚮鐨勬椂鍊欏皢鍏舵彃鍏ュ彞瀛愬紑澶存垨鏄粨灏俱€傝繖浜涜Е鍙戝櫒瀵逛簬鏁翠釜鏁版嵁闆嗘潵璇存槸娉涚敤鐨勶紝鍗冲澶у鏁版暟鎹泦涓殑鏂囨湰锛屼笂杩扮殑浣跨敤瑙﹀彂鍣ㄧ殑鏀诲嚮閮芥槸鏈夋晥鐨勶紝鑳藉閫犳垚瑕佹敾鍑荤殑鏂囨湰鍒嗙被妯″瀷鐨勯敊璇垎绫汇€�
.. 鍙傛暟璇存槑
.. ~~~~~~~~
.. 寰呭啓
VIPPER绠楁硶 [#viper]_
-------------------------------
绠楁硶浠嬬粛
~~~~~~~~
:code:`VIPPER` 绠楁硶鍏ㄧО鏄� **VI**\ sual **PER**\ turber锛屾槸涓€绉嶅瓧绗︾骇鍒殑榛戠洅鏀诲嚮鏂规硶銆傝绠楁硶鎸夌収琚敾鍑绘牱鏈紙鍙ュ瓙锛変腑璇嶇殑椤哄簭锛屽璇嶄腑瀛楃杩涜鏇挎崲鐢熸垚鏂扮殑澶囬€夊鎶楁牱鏈紝骞舵墽琛岃椽濠悳绱€€�:code:`VIPPER` 绠楁硶鐢熸垚鏂扮殑澶囬€夊鎶楁牱鏈殑鏂规硶鏈�
1. 鍚屽舰瀛楃锛坔omoglyph锛夋浛鎹�
2. DCES锛圖escription-based character embedding space锛夊瓧绗︽浛鎹�
鍏朵腑绗�2绉嶆柟娉曟槸 :code:`VIPPER` 绠楁硶鐗规湁鐨勬柟娉曘€傝繖绉嶆柟娉曞苟涓嶆槸閫氬父鐨勫瓧绗﹀祵鍏ユ柟娉曪紝鑰屾槸鏍规嵁 Unicode 11.0.0 final names list锛屼緷鐓у瓧绗︽弿杩扮殑璇箟鏋勫缓鐨勪复杩戝瓧绗︼紙nearest neighbors锛夌煡璇嗗簱銆�
鍙傛暟璇存槑
~~~~~~~~
1. :code:`use_eces`: 杩欐槸涓€涓竷灏斿€肩殑鍙傛暟锛岃嫢涓虹湡锛� :code:`True` )锛屽垯浣跨敤鍚屽舰瀛楃鏇挎崲鏂规硶锛屽惁鍒欎娇鐢―CES瀛楃鏇挎崲鏂规硶
2. :code:`dces_threshold`: 姣忔鐢熸垚鏂扮殑瀵规姉鏍锋湰鏃讹紝DCES鏂规硶浜х敓澶囬€夋柊璇嶆暟鐩殑涓婇檺銆傝繖涓弬鏁颁粎褰� :code:`use_eces` 涓哄亣锛� :code:`False` )鏃惰捣浣滅敤銆�
A2T绠楁硶 [#a2t]_
-------------------------------
绠楁硶浠嬬粛
~~~~~~~~
:code:`A2T` 绠楁硶鍏ㄧО鏄疉ttacking to Training锛屽師鏈槸涓哄鎶楄缁冿紙adversarial training锛夎璁$殑鏂规硶锛屽叾鏍稿績閮ㄥ垎鏄竴濂楄瘝绾у埆鐨勭櫧鐩掑鎶楁敾鍑荤畻娉曘€傚叿浣撴潵璇达紝 :code:`A2T` 绠楁硶渚濇嵁琚敾鍑绘牱鏈腑璇嶇殑閲嶈搴︼紝浠庝綆鍒伴珮杩涜璐┆鎼滅储銆傚叾涓瘝鐨勯噸瑕佸害璁$畻鏂规硶鏄熀浜庢搴︾殑锛屼笌 `TextBugger绠楁硶`_ 鐨勮绠楁柟娉曠被浼笺€傚浜庢浛鎹㈣瘝鐨勯€夊彇锛� :code:`A2T` 绠楁硶鎻愪緵浜�2绉嶅彲閫夌殑鏂规硶锛�
1. 鍩轰簬璇嶅祵鍏ユā鍨嬶紝瀵绘壘宓屽叆鍚戦噺鐩歌繎鐨勮瘝浣滀负鏇夸唬璇嶏紝鍏蜂綋鍙傝 `FD绠楁硶`_ 銆�
2. 鍩轰簬鎺╃爜璇█妯″瀷锛屽皢琚浛鎹㈣瘝鐢ㄦ帺鐮佹浛鎹紝鐢ㄦ帺鐮佽瑷€妯″瀷瀵规帺鐮佺殑棰勬祴璇嶄綔涓烘浛鎹㈣瘝锛屽叿浣撳弬瑙� `BAE绠楁硶`_ 銆�
:code:`A2T` 绠楁硶鐨勫彟涓€涓垱鏂颁箣澶勬槸锛岀敤浜嗚繘琛屼簡妯″瀷钂搁鐨勫彞宓屽叆妯″瀷鏉ュ害閲忓閫夊鎶楁牱鏈笌鍘熸牱鏈殑璇箟璺濈锛堝彞宓屽叆鍚戦噺璺濈锛夛紝鏋佸ぇ闄嶄綆浜嗘樉瀛橀渶姹傦紝鍔犲揩浜嗚绠楅€熷害銆�
鍙傛暟璇存槑
~~~~~~~~
1. :code:`max_candidates`: 鍗曟鎼滅储锛堜娇鐢ㄨ瘝宓屽叆妯″瀷鎴栨帺鐮佽瑷€妯″瀷锛変骇鐢熺殑寰呴€夊鎶楁牱鏈暟鐩笂闄�
2. :code:`min_cos_sim`: 鏈夋晥瀵规姉鏍锋湰涓庡師鏍锋湰杩涜鐨勮瘝鏇挎崲鐨勮瘝宓屽叆鍚戦噺鐨勬渶灏忎綑寮﹁窛绂�
3. :code:`use_threshold`: 鏈夋晥瀵规姉鏍锋湰涓庡師鏍锋湰鐨勫彞宓屽叆鍚戦噺鐨勬渶灏忎綑寮﹁窛绂�
4. :code:`max_modification_rate`锛氳瘝缁村害鐨勭紪杈戣窛绂伙紙琚浛鎹㈣瘝姣斾緥锛�
5. :code:`mlm`锛氬竷灏斿€肩殑鍙傛暟锛岃嫢涓虹湡锛屽垯浣跨敤鎺╃爜璇█妯″瀷鐢ㄤ簬鏇挎崲璇嶇殑鐢熸垚锛屽惁鍒欎娇鐢ㄨ瘝宓屽叆妯″瀷鐢熸垚鏇挎崲璇�
鍙傝€冩枃鐚�
---------
.. .. [#textattack] Morris J, Lifland E, Yoo J Y, et al. TextAttack: A Framework for Adversarial Attacks, Data Augmentation, and Adversarial Training in NLP[C]//Proceedings of the 2020 Conference on Empirical Methods in Natural Language Processing: System Demonstrations. 2020: 119-126.
.. .. [#openattack] Zeng G, Qi F, Zhou Q, et al. Openattack: An open-source textual adversarial attack toolkit[J]. arXiv preprint arXiv:2009.09191, 2020.
.. [#text_fooler] Jin D, Jin Z, Zhou J T, et al. Is bert really robust? a strong baseline for natural language attack on text classification and entailment[C]//Proceedings of the AAAI conference on artificial intelligence. 2020, 34(05): 8018-8025.
.. [#hotflip] Ebrahimi J, Rao A, Lowd D, et al. HotFlip: White-Box Adversarial Examples for Text Classification[C]//Proceedings of the 56th Annual Meeting of the Association for Computational Linguistics (Volume 2: Short Papers). 2018: 31-36.
.. [#pwws] Ren S, Deng Y, He K, et al. Generating natural language adversarial examples through probability weighted word saliency[C]//Proceedings of the 57th annual meeting of the association for computational linguistics. 2019: 1085-1097.
.. [#bae] Garg S, Ramakrishnan G. BAE: BERT-based Adversarial Examples for Text Classification[C]//Proceedings of the 2020 Conference on Empirical Methods in Natural Language Processing (EMNLP). 2020: 6174-6181.
.. [#bertattack] Li L, Ma R, Guo Q, et al. BERT-ATTACK: Adversarial Attack against BERT Using BERT[C]//Proceedings of the 2020 Conference on Empirical Methods in Natural Language Processing (EMNLP). 2020: 6193-6202.
.. .. [#checklist] Ribeiro M T, Wu T, Guestrin C, et al. Beyond Accuracy: Behavioral Testing of NLP Models with CheckList[C]//Proceedings of the 58th Annual Meeting of the Association for Computational Linguistics. 2020: 4902-4912.
.. .. [#clare] Li D, Zhang Y, Peng H, et al. Contextualized Perturbation for Textual Adversarial Attack[C]//Proceedings of the 2021 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies. 2021: 5053-5069.
.. [#deepwordbug] Gao J, Lanchantin J, Soffa M L, et al. Black-box generation of adversarial text sequences to evade deep learning classifiers[C]//2018 IEEE Security and Privacy Workshops (SPW). IEEE, 2018: 50-56.
.. .. [#fastergenetic] Jia R, Raghunathan A, G枚ksel K, et al. Certified Robustness to Adversarial Word Substitutions[C]//Proceedings of the 2019 Conference on Empirical Methods in Natural Language Processing and the 9th International Joint Conference on Natural Language Processing (EMNLP-IJCNLP). 2019: 4129-4142.
.. .. [#genetic] Alzantot M, Sharma Y, Elgohary A, et al. Generating Natural Language Adversarial Examples[C]//Proceedings of the 2018 Conference on Empirical Methods in Natural Language Processing. 2018: 2890-2896.
.. [#fd] Papernot N, McDaniel P, Swami A, et al. Crafting adversarial input sequences for recurrent neural networks[C]//MILCOM 2016-2016 IEEE Military Communications Conference. IEEE, 2016: 49-54.
.. .. [#iga] Wang X, Jin H, He K. Natural language adversarial attacks and defenses in word level[J]. arXiv preprint arXiv:1909.06723, 2019.
.. .. [#pruthi] Pruthi D, Dhingra B, Lipton Z C. Combating Adversarial Misspellings with Robust Word Recognition[C]//Proceedings of the 57th Annual Meeting of the Association for Computational Linguistics. 2019: 5582-5591.
.. [#pso] Zang Y, Qi F, Yang C, et al. Word-level Textual Adversarial Attacking as Combinatorial Optimization[C]//Proceedings of the 58th Annual Meeting of the Association for Computational Linguistics. 2020: 6066-6080.
.. [#textbugger] Li J, Ji S, Du T, et al. TextBugger: Generating Adversarial Text Against Real-world Applications[C]//26th Annual Network and Distributed System Security Symposium. 2019.
.. .. [#uat] Wallace E, Feng S, Kandpal N, et al. Universal Adversarial Triggers for Attacking and Analyzing NLP[C]//Proceedings of the 2019 Conference on Empirical Methods in Natural Language Processing and the 9th International Joint Conference on Natural Language Processing (EMNLP-IJCNLP). 2019: 2153-2162.
.. [#viper] Eger S, 艦ahin G G, R眉ckl茅 A, et al. Text Processing Like Humans Do: Visually Attacking and Shielding NLP Systems[C]//Proceedings of the 2019 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, Volume 1 (Long and Short Papers). 2019: 1634-1647.
.. [#a2t] Yoo J Y, Qi Y. Towards Improving Adversarial Training of NLP Models[J]. arXiv preprint arXiv:2109.00544, 2021.
.. .. [#l2w] Holtzman A, Buys J, Forbes M, et al. Learning to Write with Cooperative Discriminators[C]//Proceedings of the 56th Annual Meeting of the Association for Computational Linguistics (Volume 1: Long Papers). 2018: 1638-1649.